Security is a jigsaw. It has a lot of pieces (network security, email security, endpoint security, etc.), but to get the perfect fit you have to align them correctly. You cannot replace a piece with a different piece, even if you have more than one of it! If you are missing a piece you will always have a gaping hole, and that is where attackers will come in.
Firewall
You will always need something that stringently separates the outside from the inside, i.e. stops the attackers coming in.
You will always need an effective security scanner to provide you with trusted, hard-to-spoof, clean and reliable communication.
Endpoint
Endpoints are the most dangerous environment in an organisation. This is where the weakest point is, i.e. people. It is no surprise that this is where attackers are most successful, and it is also where data is created.
The security controls you have placed on your endpoint are your last line of defense.
I see the following mistakes happen a lot. Companies use the endpoints as the first line of defense. On the contrary, the endpoint should be your last line of defense. Organisations are putting too many components on the endpoint. Attacks that should have been stopped by the email scanner, or data protection that lacks proper classification, will in the end be costly, with no return on investment. For example, there is absolutely no point in placing a data leak prevention agent on the endpoint if you
- a) don’t have a clear understanding of what you are trying to stop or allow (data classification), and
- b) don’t perform the same checks on network traffic, printing, email, faxing, copying and file sharing apps (Dropbox, Box, etc.). Data leak prevention should be looked at on its own and not as part of endpoint protection.
Solution: use the right security measures in the right place and for the right reasons. Perform the full life cycle of the security measures, not just half of it.
A lot of companies, for different reasons (cost, wrong strategy, oversight), wrongly try to substitute one technology for another. For example, they believe they have a strong technology in one segment of their environment and try to cut cost in another part. False sense of security!
- Solution: Understand that you need strong security that is fit for purpose for ALL parts of your network.
Organisations do not adopt a Security Everywhere strategy. This means they do not have products that can be integrated. They use a lot of technologies from various vendors without integration capabilities. This ultimately means they do not have full visibility of what is happening in their environment: before, during and after an attack.
- Solution: Adopt a strategy that gives you complete visibility. The only way to achieve this is to use products that natively work together as a solution. Move away from siloed security.
Key takeaway:
The above points (there are many!) highlight the oversights that attackers exploit. That is why phishing is so successful: a lot of organisations are missing one or two pieces of the jigsaw.
You should never lose sight of an infection or a malicious file. You need to see how it entered, where it is, and what impact it had on your network and devices. The only way to achieve this is to have a way to see it in all segments of your network, through tight integration of email, firewall and endpoints.